Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popup That Says Computer Is Infected


  • Please log in to reply
1 reply to this topic

#1 roosi23

roosi23

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:14 PM

Posted 08 July 2006 - 11:35 PM

I have a popup that keeps saying that the computer is infected, cannot remove it with spyware removal, ran winpfind, results are below. New at this, can someone help?

by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/5/2006 7:39:36 AM 39424 C:\WINDOWS\mtuninst.exe

Checking %System% folder...
PEC2 8/4/2004 2:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 6/8/2006 8:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/8/2006 8:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 2:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
7/6/2006 6:44:10 AM S 2048 C:\WINDOWS\bootstat.dat
7/6/2006 10:41:44 PM H 54156 C:\WINDOWS\QTFont.qfn
7/7/2006 6:09:40 PM H 0 C:\WINDOWS\LastGood\INF\oem18.inf
7/7/2006 6:09:40 PM H 0 C:\WINDOWS\LastGood\INF\oem18.PNF
7/6/2006 6:46:26 AM H 35981 C:\WINDOWS\system32\vsconfig.xml
6/22/2006 6:18:30 AM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
5/29/2006 11:16:00 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
5/18/2006 2:15:12 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
6/1/2006 3:28:56 PM S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
7/8/2006 7:49:28 PM H 1024 C:\WINDOWS\system32\config\default.LOG
7/8/2006 11:11:52 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
7/8/2006 11:10:58 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
7/8/2006 11:16:44 PM H 12288 C:\WINDOWS\system32\config\software.LOG
7/8/2006 11:11:38 PM H 1024 C:\WINDOWS\system32\config\system.LOG
6/22/2006 3:00:52 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
6/30/2006 1:30:10 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\49c0444f-b944-4cb9-8460-106b03907f8f
6/30/2006 1:30:10 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/6/2006 6:44:18 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 3/4/2005 3:36:44 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 7/12/2004 4:50:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 1/8/2004 5:52:00 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/7/2006 6:24:46 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/26/2004 1:04:46 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/5/2006 12:50:10 AM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/26/2004 5:54:36 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
6/7/2006 7:48:52 AM 2888 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
7/6/2006 10:44:06 PM 1753 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/26/2004 1:04:46 PM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/7/2006 6:22:08 PM 1559 C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
8/26/2004 5:54:36 AM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
7/7/2006 6:22:08 PM 0 C:\Documents and Settings\Owner\Application Data\dm.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
YPC 3.2.0 = Yahoo! Parental Controls

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\HotShellExt_40
{6BC1BB05-BA15-415d-8C62-093A7F312FD2} = C:\Program Files\eFax Messenger 4.0\J2GShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{119DBEDA-9c41-4F97-94B4-B6BCD01133CF} = Morpheus Toolbar : C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{119DBEDA-9c41-4F97-94B4-B6BCD01133CF}
ButtonText = Morpheus Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = SBC Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRA~1\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{7435856C-6CA1-45CF-A00D-82178387F223} = :
{119DBEDA-9C41-4F97-94B4-B6BCD01133CF} = Morpheus Toolbar : C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ElbyCheckAnyDVD "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
AnyDVD C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Spyware Doctor "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2Wire Wireless Client.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk
backup C:\WINDOWS\pss\2Wire Wireless Client.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\2WIRE8~1.11G\PRISMCFG.EXE /START
item 2Wire Wireless Client
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk
backup C:\WINDOWS\pss\2Wire Wireless Client.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\2WIRE8~1.11G\PRISMCFG.EXE /START
item 2Wire Wireless Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup C:\WINDOWS\pss\BigFix.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\BigFix\BigFix.exe /atstartup
item BigFix
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup C:\WINDOWS\pss\BigFix.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\BigFix\BigFix.exe /atstartup
item BigFix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax DllCmd 4.0.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax DllCmd 4.0.lnk
backup C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1.0\J2GDLL~1.EXE /R
item eFax DllCmd 4.0
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax DllCmd 4.0.lnk
backup C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1.0\J2GDLL~1.EXE /R
item eFax DllCmd 4.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 4.0.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 4.0.lnk
backup C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1.0\J2GTray.exe
item eFax Tray Menu 4.0
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 4.0.lnk
backup C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1.0\J2GTray.exe
item eFax Tray Menu 4.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
location Startup
command C:\PROGRA~1\LimeWire\LimeWire.exe -startup
item LimeWire On Startup
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
location Startup
command C:\PROGRA~1\LimeWire\LimeWire.exe -startup
item LimeWire On Startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Morpheus.lnk
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Morpheus.lnk
backup C:\WINDOWS\pss\Morpheus.lnkStartup
location Startup
command C:\PROGRA~1\Morpheus\Morpheus.exe -min
item Morpheus
path C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Morpheus.lnk
backup C:\WINDOWS\pss\Morpheus.lnkStartup
location Startup
command C:\PROGRA~1\Morpheus\Morpheus.exe -min
item Morpheus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3DNADesktop
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 3dnasys
hkey HKLM
command "C:\Program Files\3DNA\Resources\3dnasys.exe" -open
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 3dnasys
hkey HKLM
command "C:\Program Files\3DNA\Resources\3dnasys.exe" -open
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\7571717175747C78
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 3430303034333B
hkey HKLM
command 3430303034333B.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 3430303034333B
hkey HKLM
command 3430303034333B.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alhx
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ??rss
hkey HKCU
command C:\Program Files\a?sembly\??rss.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ??rss
hkey HKCU
command C:\Program Files\a?sembly\??rss.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLSP Scheduler
hkey HKLM
command "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLSP Scheduler
hkey HKLM
command "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NMBgMonitor
hkey HKCU
command "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NMBgMonitor
hkey HKCU
command "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CaAvTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVTray
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVTray
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAVRID
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVRID
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVRID
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CleanUp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcappins
hkey HKLM
command C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcappins
hkey HKLM
command C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ClockWallpaper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ClockWallpaper
hkey HKLM
command "C:\Program Files\ClockWallpaper\ClockWallpaper.exe" /a
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ClockWallpaper
hkey HKLM
command "C:\Program Files\ClockWallpaper\ClockWallpaper.exe" /a
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMMan
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CMMan
hkey HKCU
command "C:\Program Files\CMMan\CMMan.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CMMan
hkey HKCU
command "C:\Program Files\CMMan\CMMan.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cpue
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wucrtupd
hkey HKCU
command "C:\PROGRA~1\COMMON~1\SEMBLY~1\wucrtupd.exe" -vt yazr
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wucrtupd
hkey HKCU
command "C:\PROGRA~1\COMMON~1\SEMBLY~1\wucrtupd.exe" -vt yazr
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIGServices
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DIGServices
hkey HKLM
command C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DIGServices
hkey HKLM
command C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIGStream
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item digstream
hkey HKLM
command C:\Program Files\DIGStream\digstream.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item digstream
hkey HKLM
command C:\Program Files\DIGStream\digstream.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GoogleDesktop
hkey HKLM
command "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GoogleDesktop
hkey HKLM
command "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\googletalk
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletalk
hkey HKCU
command "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletalk
hkey HKCU
command "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPInSightMonitor 01
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPMon32
hkey HKLM
command "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPMon32
hkey HKLM
command "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\irassync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item irasyncd
hkey HKLM
command C:\WINDOWS\system32\irasyncd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item irasyncd
hkey HKLM
command C:\WINDOWS\system32\irasyncd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAFInstaller_masins.ui
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MCAPPINS
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\MASH20~1.TMP\MCAPPINS.exe /v=3 /start=masins.ui::default.htm
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MCAPPINS
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\MASH20~1.TMP\MCAPPINS.exe /v=3 /start=masins.ui::default.htm
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcagent
hkey HKLM
command c:\PROGRA~1\mcafee.com\agent\mcagent.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcagent
hkey HKLM
command c:\PROGRA~1\mcafee.com\agent\mcagent.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\McRegWiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcregwiz
hkey HKLM
command C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcregwiz
hkey HKLM
command C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcupdate
hkey HKLM
command C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcupdate
hkey HKLM
command C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVMixerTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMixerTray
hkey HKLM
command "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMixerTray
hkey HKLM
command "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PicasaMediaDetector
hkey HKLM
command C:\Program Files\Picasa2\PicasaMediaDetector.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PicasaMediaDetector
hkey HKLM
command C:\Program Files\Picasa2\PicasaMediaDetector.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PRISMSVR.EXE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PRISMSVR
hkey HKLM
command "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PRISMSVR
hkey HKLM
command "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RECGUARD
hkey HKLM
command C:\WINDOWS\SMINST\RECGUARD.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RECGUARD
hkey HKLM
command C:\WINDOWS\SMINST\RECGUARD.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyFalcon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpyFalcon
hkey HKLM
command C:\Program Files\SpyFalcon\SpyFalcon.exe /h
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpyFalcon
hkey HKLM
command C:\Program Files\SpyFalcon\SpyFalcon.exe /h
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spyware Doctor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item swdoctor
hkey HKCU
command "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item swdoctor
hkey HKCU
command "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunKistEM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item shwiconem
hkey HKLM
command C:\Program Files\Digital Media Reader\shwiconem.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item shwiconem
hkey HKLM
command C:\Program Files\Digital Media Reader\shwiconem.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ttecudx
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ttecudx
hkey HKLM
command C:\WINDOWS\ttecudx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ttecudx
hkey HKLM
command C:\WINDOWS\ttecudx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AdobeUpdateManager
hkey HKCU
command "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AdobeUpdateManager
hkey HKCU
command "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WheelMouse
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Amoumain
hkey HKLM
command Amoumain.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Amoumain
hkey HKLM
command Amoumain.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ymetray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ymetray
hkey HKLM
command "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ymetray
hkey HKLM
command "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yop
hkey HKLM
command C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yop
hkey HKLM
command C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\_AntiSpyware
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item masalert
hkey HKLM
command c:\progra~1\mcafee\MCAFEE~1\masalert.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item masalert
hkey HKLM
command c:\progra~1\mcafee\MCAFEE~1\masalert.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 7/8/2006 11:17:03 PM

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:14 PM

Posted 08 July 2006 - 11:59 PM

How To Remove Spyfalcon (removal Instructions)
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users